On Wed, Dec 17, 2014 at 9:19 PM, Iliev, Hristo <[email protected]> wrote:

> Hi,
>
> We managed to get a custom authenticator and it works as expected now.
> Thanks for the help.
>
> It seems we also need to mimic the lookup operation. Doing this with
> interceptor resulted in error message about missing entry.

most likely due to the order of your interceptor in the chain, at what number did you place your interceptor?

> We found out that we need to implement custom partition [1]. ADStudio
> created a JDBM based partition, so it seems we need to change the
> implementation details into the configuration file.

the easiest way to solve your case is to use an interceptor, currently there is no easy way to inject your custom partition unless you use ApacheDS in embedded mode.

> However we can't seem to find any existing examples on how to do this with
> the new configuration format. Any pointer to some existing config example
> about how to specify our own partition would be appreciated.
>
> Regards,
> Hristo Iliev
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:[email protected]]
> Sent: Tuesday, December 16, 2014 1:16 AM
> To: [email protected]
> Subject: Re: 2.0.0-M19 as LDAP wrapper/proxy
>
> On Mon, Dec 15, 2014 at 10:12 PM, Iliev, Hristo <[email protected]>
> wrote:
> >
> > Hi,
> >
> > We want to integrate Cloud Foundry UAA (#1) with authentication systems
> > not supporting LDAP natively. To do this we want to use ApacheDS 2.0.0-M19
> > as protocol translator that accepts LDAP requests and delegates
> > authentication requests to our own backend.
> >
> > To do this we want to use client that talks to Apache DS with search &
> > bind or simple bind. The used user and password for the bind should then be
> > forwarded to our backend like this: Client -----> Apache DS -----> Backend
> >
> > We tried to use Interceptors as described in the documentation (#2) , but
> > we found out that lookup does not have information about the password (nor
> > entry in the LookupOperationContext), so this seems as dead-end.
> >
> the credential information will only be present in BindOperationContext
> what you need here is a delegating authenticator, take a look at the
> existing DelegatingAuthenticator[1]
> this is used for LDAP->LDAP authentication but should help you in modeling
> yours
>
> [1]
> http://svn.apache.org/repos/asf/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java
>
> > Can someone recommend the best way to implement protocol
> > translator/proxy/wrapper with Apache DS 2.0.0? Should we use
> > RequestHandlers instead?
> >
> > Regards,
> > Hristo Iliev
> >
> > 1: https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md
> > 2: https://cwiki.apache.org/confluence/display/DIRxSRVx11/6.2.+Implementing+a+simple+custom+Interceptor
>
> --
> Kiran Ayyagari
> http://keydap.com

--
Kiran Ayyagari
http://keydap.com
